Google: YouTubers’ accounts hijacked with cookie-stealing malware (Security News, October 2021)

Google says YouTube creators have been targeted with password-stealing malware in phishing attacks coordinated by financially motivated threat actors.
The threat actors used social engineering and phishing emails to infect YouTube creators with information-stealing malware, chosen based on each attacker's preference.
Malware observed in the attacks includes commodity strains like RedLine, Vidar, Predator The Thief, Nexus stealer, Azorult, Raccoon, Grand Stealer, Vikro Stealer, Masad, and Kantal, and open-source ones such as Sorano and AdamantiumThief.
Once delivered to the targets' systems, the malware was used to steal their credentials and browser cookies, which allowed the attackers to hijack the victims' accounts in pass-the-cookie attacks.
Google identified at least 1,011 domains linked to these attacks and roughly 15,000 actor accounts created specifically for this campaign. The accounts were used to send phishing emails to YouTube creators' business email addresses, with links that redirected to malware landing pages.
A significant number of YouTube channels hijacked in these attacks were later rebranded to impersonate high-profile tech executives or cryptocurrency exchange firms and used for live streaming cryptocurrency scams.